New SCA requirements and what they mean for your business

There has been a lot of talk recently about the introduction of the new Strong Customer Authentication (SCA) requirements for online card transactions coming into effect this September. So what are they and what do they mean for your business?

What is Strong Customer Authentication (SCA)?

Following a steady increase in cases of payment fraud loss over the last few years, the new EU Payments Services Directive (PSD2), which was launched in January 2018, features a core component to enhance consumer rights and reduce online fraud. Strong Customer Authentication (SCA) is a key element of this, introducing additional security authentications for online transactions.

From 14 September 2019, any purchase made online over €30, will require extra form of customer identification. Also known as ‘two-factor’ or ‘multi-factor’ authentication, this will include at least two of the following:

  • Something they know, for example a PIN or password
  • Something they have such as a smart phone
  • Something they are, using biometric data such as fingerprint or facial recognition

The SCA requirements will apply to transactions where both the purchaser and the merchant are based in the European Economic Area (EEA).

So will SCA still apply after Brexit?

It is expected that the SCA regulations will be enforced regardless of the process or conclusion of the UK leaving the EU.

What SCA means for your business?

As a merchant, implementing and complying with SCA isn’t something that you can address yourself. The responsibility sits with the card issuer to put a mechanism in place for authentication via your payment service provider (PSP).

Currently, any payment that a card issuer deems as risky is usually diverted to the 3D Secure service, sometimes known as Verified by Visa or Mastercard Securecode, as a means of authenticating the customer. The new SCA requires nearly all online transactions (bar a few exemptions) to be diverted to a new improved version of 3D Secure – named 3D Secure v2 (or 3DSv2) – which will be in place from September. This new service will address the new SCA requirements, promising ‘frictionless authentication’ including the use of biometric data and better integration with devices such as smartphones.

Here at PCI Telecom, we know how important it is to ensure your customer journey is as smooth as possible so, to aid the transition, we are upgrading our processing solutions to support 3DSv2 to meet the requirements of SCA for online transactions. You can find out more about our Online card payment processing solutions as well as our over the phone card payment systems by visiting our Solutions page or get in touch to discuss your requirements in more detail.